Overview#Security Support Provider Interface (SSPI) is the foundation for authentication in Windows Server 2003 and later Microsoft Windows.
Security Support Provider Interface allows an application to use various security models available on a computer or network without changing the interface to the security system.
The default Security Support Providers in Windows Server 2003/Windows Server 2008 are plugged into the SSPI in the form of DLLs. Additional SSPs can be plugged in if they are interoperable with the SSPI.
Security Support Provider Interface is the implementation of the Generic Security Service Application Program Interface (GSSAPI) in Windows Servers:SSPI in the form of DLLs. Additional SSPs can be plugged in if they are interoperable with the Security Support Provider Interface.
SSPI in Authentication#
The SSPI in Windows Server 2003 and later provides a mechanism that carries authentication tokens over the existing protocol, thus eliminating the need for communicating parties to specify a network protocol for use during authentication. When two parties need to be authenticated so that they can communicate, the requests for authentication are routed to the SSPI, which completes the authentication process, regardless of the network protocol currently in use.
- Winlogon sends requests to the Local Security Authority, which obtains tickets to access the local computer.
- Internet Explorer obtains tickets to access information about a Web site.
- An LDAP client obtains tickets to enable access to information in an x500 directory, such as Microsoft Active Directory.
SSPI-Architecture#A "Simple" diagram of Security Support Provider Interface